The great GDPR deluge

I suspect that by now you are heartily sick of receiving emails from multifarious companies about GDPR. For what seems like months (largely because it is), the business world has been inundated with webinars, white papers and other guides to the GDPR maze, while the letters’ columns of the press have had concerned missives from small charities, youth groups and allotment co-operatives, all wondering what this means for them.

There is a whiff of Y2K about all this. If you’ll recall, those who did nothing about the so-called millennium bug were smug as cats after the event, while those who stayed up to watch the clock tick past midnight, crossing their fingers and offering up incantations to the gods that their IT wouldn’t crash, simply got very tired and probably a bit annoyed that they’d called it wrong. Mind you, Y2K might only have brought your IT down: GDPR will, if you cock it up, cost you a very substantial fine.

At Be-IT, we’ve erred on the cautious side, ensuring we communicate with everyone on our various databases and deleting those who no longer want to receive updates on our IT jobs, news and research. Some rec-cons, I have heard, have taken an even more careful approach while others have been far more relaxed (I heard of someone who said cheerfully, “there is no way the ICO is going to be able to chase up everyone who has got this wrong.”).

That’s as may be, but it doesn’t alter the fact that while this legislation is based on doing the right thing, there are still aspects of it that don’t seem particularly well thought through. Not only that, but GDPR has cost businesses a stack of money, not just in staff time but also the cash required to ensure that communications are compliant and will engender the desired result (in our case, to get candidates to continue to opt in to receive our jobs, news, etc.).

One thing I’ve noticed is that despite the fact that firms and organisations need to comply with GDPR’s requirements, the response to it, in the forms and mailers I receive, is varied in the extreme. Some mailers, usually from big organisations with whom you actually do want to stay connected, are phenomenally detailed, as if trying to bludgeon the recipient into just going, “to hell with it, I can’t be bothered reading all this stuff, I’ll just tick the box,” while others are short and to the point. But as the number of communications reaches a crescendo over the next few weeks (and how much money must the likes of Mailchimp be making out of GDPR?!), the numbers of people going “to hell with it, that doesn’t affect me now and I can’t be bothered signing up for anything else” and just deleting the mailers will grow and grow.

In the meantime, thousands of firms will be wondering why their previously humungous databases now only have 20 people on them and how they are going to market themselves in the future. That, to be fair, is one of the points of GDPR and it’s a good thing as it will force lots of us, including Be-IT, to re-create databases that are genuinely valuable and contain only those who want to work with us. But, at the end of the day, those big companies for whom data is their stock in trade (yes, I am thinking of the likes of Facebook and Google) are going to be fine and it will be the smaller firms who, perhaps inadvertently, have got something wrong and are then subject to an SAR, who will get it in the neck. Given that the likes of Facebook have had, how can I put this delicately, some issues around the use of their data recently, is it not they (along with the plague of unsolicited calls from telemarketing companies) who need to be held to account under the new data protection regulations?